enable require client cert

Konstantin Lebedev 2022-06-24 00:29:23 +05:00
parent ea7cdb8b0e
commit b0aa51d7ef


@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
RootOptions: advancedtls.RootCertificateOptions{
RootProvider: serverRootProvider,
},
RequireClientCert: false,
RequireClientCert: true,
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
return &advancedtls.VerificationResults{}, nil
},
VType: advancedtls.SkipVerification,
VType: advancedtls.CertVerification,
}
ta, err := advancedtls.NewServerCreds(options)
if err != nil {
@ -134,7 +134,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
RootOptions: advancedtls.RootCertificateOptions{
RootProvider: clientRootProvider,
},
VType: advancedtls.SkipVerification,
VType: advancedtls.CertVerification,
}
ta, err := advancedtls.NewClientCreds(options)
if err != nil {
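Review bot: In LoadClientTLS the new `VType: advancedtls.CertVerification` validates the server's chain against `clientRootProvider` but does not check the host name, so any certificate issued under that root is accepted for whichever server the client dials. If the deployed certificates carry correct SANs, `VType: advancedtls.CertAndHostVerification` closes that gap; otherwise the client options need a `VerifyPeer` callback that checks the expected peer identity. The server side of LoadServerTLS has the matching weakness: the `VerifyPeer` shown only logs `params.Leaf.Subject.CommonName` at `glog.V(0)` and returns success, so every client certificate under the root is authorized, and an allow-list check on the common name would belong in that callback. Both option structs begin outside their hunks, so a client-side `VerifyPeer` may exist above the visible lines.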